Monday 27 January 2020

Our selection of information-security alerts and advisories.
Sources: US Cert, Cert EU, Cert FR, Cnil, VulDB.

SMC D3G0804W 3.5.2.5-LAT_GA WiFi Network Configuration Page SSID cross site scripting

A vulnerability was found in SMC D3G0804W 3.5.2.5-LAT_GA and classified as problematic. Affected by this issue is some unknown functionality of the component WiFi Network Configuration Page. There is no information about possible countermeasures...
Author: VulDB

conversation-watson Plugin up to 0.8.20 on WordPress Chat Message DOM-Based cross site scripting

A vulnerability has been found in conversation-watson Plugin up to 0.8.20 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Chat Message Handler. Upgrading to version 0.8.21...
Author: VulDB

Logaritmo Logaritmo Aware CallManager 2012 File Upload procesa_carga.php PHP File privilege escalation

A vulnerability, which was classified as critical, was found in Logaritmo Logaritmo Aware CallManager 2012. Affected is an unknown function of the file /supervisor/procesa_carga.php of the component File Upload. There is no information about...
Author: VulDB

Comtech Stampede FX-1010 7.4.3 Poll Routes Page Shell Metacharacter Remote Code Execution

A vulnerability, which was classified as critical, has been found in Comtech Stampede FX-1010 7.4.3. This issue affects some unknown processing of the component Poll Routes Page. There is no information about possible countermeasures known. It...
Author: VulDB

Comtech Stampede FX-1010 7.4.3 Fetch URL Page Remote Code Execution

A vulnerability classified as critical was found in Comtech Stampede FX-1010 7.4.3. This vulnerability affects an unknown code block of the component Fetch URL Page. There is no information about possible countermeasures known. It may be...
Author: VulDB

Comtech Stampede FX-1010 7.4.3 Diagnostics Trace Route Page Shell Metacharacter Remote Code Execution

A vulnerability classified as critical has been found in Comtech Stampede FX-1010 7.4.3. This affects an unknown code of the component Diagnostics Trace Route Page. There is no information about possible countermeasures known. It may be suggested...
Author: VulDB

WP Database Backup Plugin up to 5.5 on WordPress HTTPS Request information disclosure

A vulnerability was found in WP Database Backup Plugin up to 5.5 on WordPress (Backup Software). It has been rated as problematic. Affected by this issue is an unknown part of the file wp-content/uploads/db-backup/. There is no information about...
Author: VulDB

Meinberg Lantime M300/Lantime M1000 Network Configuration /config/netconf.cmd privilege escalation

A vulnerability was found in Meinberg Lantime M300 and Lantime M1000 (affected version unknown). It has been declared as critical. Affected by this vulnerability is some unknown functionality of the file /config/netconf.cmd of the component...
Author: VulDB

Gentoo Portage up to 2.3.84 Plugin plugins privilege escalation

A vulnerability was found in Gentoo Portage up to 2.3.84. It has been classified as critical. Affected is an unknown functionality in the library /usr/lib64/nagios/plugins of the component Plugin Handler. There is no information about possible...
Author: VulDB

CERTFR-2020-AVI-047: Vulnerability in Moodle (20 January 2020)

A vulnerability has been discovered in Moodle. It allows an attacker to perform remote indirect code injection (XSS).

Author: Cert FR

Internet Explorer Zero-Day Vulnerability (CERT-EU Security Advisory 2020-006)

Microsoft released an advisory notifying about a remote code execution (RCE) vulnerability existing in the scripting engine of Internet Explorer (IE). The vulnerability allows an attacker to corrupt the memory of the IE and execute code with the...
Author: Cert EU

CERTFR-2020-AVI-046: Multiple vulnerabilities in the Ubuntu Linux kernel (20 January 2020)

Multiple vulnerabilities have been discovered in the Ubuntu Linux kernel. They allow an attacker to cause remote arbitrary code execution, a remote denial of service and a breach of the confidentiality of...
Author: Cert FR

Gallagher Command Centre prior 7.90.991(MR5)/8.00.1161(MR5)/8.10.1134(MR4) Event Trail Credentials information disclosure

A vulnerability was found in Gallagher Command Centre and classified as problematic. This issue affects an unknown function of the component Event Trail Handler. Upgrading to version 7.90.991(MR5), 8.00.1161(MR5) or 8.10.1134(MR4) eliminates this...
Author: VulDB

TestLink up to 1.9.19 Incomplete Fix CVE-2019-19491 index.php reqURI cross site scripting

A vulnerability has been found in TestLink up to 1.9.19 and classified as problematic. This vulnerability affects some unknown processing of the file index.php of the component Incomplete Fix CVE-2019-19491. Upgrading to version 1.9.20 eliminates...
Author: VulDB

CERTFR-2020-ALE-006: Vulnerability in Microsoft Internet Explorer (20 January 2020)

On 17 January 2020, Microsoft announced that Internet Explorer is affected by a zero-day vulnerability that allows an attacker to execute arbitrary code remotely with the privileges of the current user. This vulnerability,...
Author: Cert FR

Cacti 1.2.8 Performance Boost Debug Log poller_automation.php Shell Metacharacter privilege escalation

A vulnerability, which was classified as critical, was found in Cacti 1.2.8 (Log Management Software). This affects an unknown code block of the file poller_automation.php of the component Performance Boost Debug Log. There is no information...
Author: VulDB

UHP UHP-100 3.4.1.15/3.4.2.4/3.4.3 Site Setup cw2 td cross site scripting

A vulnerability, which was classified as problematic, has been found in UHP UHP-100 3.4.1.15/3.4.2.4/3.4.3. Affected by this issue is an unknown code of the file cw2 of the component Site Setup. There is no information about possible...
Author: VulDB

UHP UHP-100 3.4.1.15 Profile Title cB3 ta cross site scripting

A vulnerability classified as problematic was found in UHP UHP-100 3.4.1.15. Affected by this vulnerability is an unknown part of the file cB3 of the component Profile Title Handler. There is no information about possible countermeasures known....
Author: VulDB

Ruckus ZoneFlex R310 104.0.0.0.1347 Configuration SSID Stored cross site scripting

A vulnerability classified as problematic has been found in Ruckus ZoneFlex R310 104.0.0.0.1347. Affected is some unknown functionality of the component Configuration. There is no information about possible countermeasures known. It may be...
Author: VulDB

KMS Controls BAC-A1616BC BACnet BC_Logon.swf BACKDOOR_NAME weak authentication

A vulnerability was found in KMS Controls BAC-A1616BC BACnet (unknown version). It has been rated as critical. This issue affects an unknown functionality of the file BC_Logon.swf. There is no information about possible countermeasures known. It...
Author: VulDB

Evoko Home 1.31 websocket WebSocket Request information disclosure

A vulnerability was found in Evoko Home 1.31. It has been declared as problematic. This vulnerability affects an unknown function of the file sockjs/224/uf1psgff/websocket. There is no information about possible countermeasures known. It may be...
Author: VulDB

Evoko Home 1.31 Error Message Username information disclosure

A vulnerability was found in Evoko Home 1.31. It has been classified as problematic. This affects some unknown processing of the component Error Message Handler. There is no information about possible countermeasures known. It may be suggested to...
Author: VulDB

Westermo MRD-315 1.7.3/1.7.4 Web Application ifaces-diag.asp Parameter information disclosure

A vulnerability was found in Westermo MRD-315 1.7.3/1.7.4 and classified as problematic. Affected by this issue is an unknown code block of the file ifaces-diag.asp of the component Web Application. There is no information about possible...
Author: VulDB

Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504 result weak authentication

A vulnerability has been found in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504 (Web Server) and classified as critical. Affected by this vulnerability is an unknown code. There is no information about possible countermeasures...
Author: VulDB

chained-quiz Plugin 1.1.8.1 on WordPress wp-admin/admin-ajax.php total_questions cross site scripting

A vulnerability, which was classified as problematic, was found in chained-quiz Plugin 1.1.8.1 on WordPress (WordPress Plugin). Affected is an unknown part of the file wp-admin/admin-ajax.php. There is no information about possible...
Author: VulDB

Information security events

FIC

With this year's theme "Putting people back at the heart of cybersecurity", the Forum International de la Cybersécurité takes place on 28, 29 and 30 January 2020 at the Grand Palais in Lille. Organised by the Hauts-de-France Region and Euratechnologies, the Gendarmerie Nationale and CEIS.